LinuxQuestions.org
Old 11-23-2015, 12:08 PM   #1
HarveyJA
LQ Newbie
 
Registered: Nov 2015
Posts: 1

Rep: Reputation: Disabled
How to read a NIKTO report?


Can anyone help me decipher the following report:

+ Target Port: 80
+ Start Time: 2015-11-08 17:33:48 (GMT-5)
---------------------------------------------------------------------------
+ Server: Microsoft-IIS/7.5
+ Cookie ASPSESSIONIDSCTDBSSR created without the http only flag
+ Retrieved x-powered-by header: ASP.NET
+ The anti-click jacking X-Frame-Options header is not present.
+ Retrieved x-aspnet-version header: 2.0.50727
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Server banner has changed from 'Microsoft-IIS/7.5' to 'Microsoft-HTTPAPI/2.0' which may suggest a WAF, load balancer or proxy is in place
+ Multiple index files found: index.pl, index.asp
+ Retrieved ms-author-via header: DAV
+ Retrieved DAV header: 1
+ Uncommon header 'ms-author-via' found, with contents: DAV
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST, COPY, PROPFIND
+ Public HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST, PROPFIND, PROPPATCH, MKCOL, PUT, DELETE, COPY, MOVE
+ OSVDB-397: HTTP method ('Public' Header): 'PUT' method could allow clients to save files on the web server.
+ OSVDB-5646: HTTP method ('Public' Header): 'DELETE' may allow clients to remove files on the web server.
+ OSVDB-5647: HTTP method ('Public' Header): 'MOVE' may allow clients to change file locations on the web server.
+ WebDAV enabled (COPY MKCOL PROPPATCH PROPFIND listed as allowed)
+ OSVDB-4598: /patients13/members.asp?SF=%22;}alert(223344);function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-2946: /patients13/forum_members.asp?find=%22;}alert(9823);function%20x(){v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-4231: /patients13/uXHql.xml: Coccoon from Apache-XML project reveals file system path in error messages.
+ OSVDB-5692: /patients13/oekaki/: The PaintBBS Server may allow unauthorized access to the config files.
+ 6544 items checked: 0 error(s) and 18 item(s) reported on remote host
+ End Time: 2015-11-08 17:40:27 (GMT-5) (399 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
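
Added example, not part of the original post and not Nikto's own code: one way to read a report like the one above is to group its "+ " lines by kind and to compare the "Allowed" and "Public" method lists, since the PUT, DELETE and MOVE notes in this report are marked ('Public' Header) and those methods do not appear on the Allowed line. The category names, the RULES table and the function names are this example's own assumptions; SAMPLE is constructed from lines of the report.

```python
import re

# Constructed sample: lines taken from the first report above (wrapped lines rejoined).
SAMPLE = """\
+ Server: Microsoft-IIS/7.5
+ Cookie ASPSESSIONIDSCTDBSSR created without the http only flag
+ Retrieved x-powered-by header: ASP.NET
+ The anti-click jacking X-Frame-Options header is not present.
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST, COPY, PROPFIND
+ Public HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST, PROPFIND, PROPPATCH, MKCOL, PUT, DELETE, COPY, MOVE
+ OSVDB-397: HTTP method ('Public' Header): 'PUT' method could allow clients to save files on the web server.
+ OSVDB-4231: /patients13/uXHql.xml: Coccoon from Apache-XML project reveals file system path in error messages.
+ 6544 items checked: 0 error(s) and 18 item(s) reported on remote host
"""

# (category, pattern) pairs; first match wins. Category names are this example's own, not Nikto's.
RULES = [
    ("summary", re.compile(r"items checked:|Scan terminated:|host\(s\) tested|^(Start|End) Time:")),
    ("methods", re.compile(r"^(Allowed|Public) HTTP Methods:")),
    ("method-note", re.compile(r"^OSVDB-\d+: HTTP method")),
    ("path-check", re.compile(r"^(OSVDB-\d+: )?/\S*: ")),
    ("cookie-flag", re.compile(r"^Cookie \S+ created without")),
    ("missing-header", re.compile(r"header is not (present|set|defined)")),
    ("version-disclosure", re.compile(r"^Server: |^Retrieved x-(powered-by|aspnet-version) header:")),
    ("banner-change", re.compile(r"^Server banner has changed")),
]

def classify(text):
    """Return the category of one finding (text without the leading '+ ')."""
    return next((name for name, pat in RULES if pat.search(text)), "other")

def triage(report):
    """Group findings by category and list methods present in Public but not in Allowed."""
    groups, methods = {}, {}
    for line in report.splitlines():
        if not line.startswith("+ "):
            continue  # separator lines and anything that is not a finding
        text = line[2:].strip()
        cat = classify(text)
        groups.setdefault(cat, []).append(text)
        if cat == "methods":
            kind, _, names = text.partition(" HTTP Methods:")
            methods[kind] = {m.strip() for m in names.split(",")}
    only_public = sorted(methods.get("Public", set()) - methods.get("Allowed", set()))
    return groups, only_public

if __name__ == "__main__":
    groups, only_public = triage(SAMPLE)
    print({c: len(v) for c, v in groups.items()}, "Public only:", only_public)
```
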
 
Old 11-25-2015, 11:31 AM   #2
ilesterg
Member
 
Registered: Jul 2012
Location: München
Distribution: Debian, CentOS/RHEL
Posts: 587

Rep: Reputation: 72
I suggest reading NIKTO's documentation first, then asking about what you don't understand.
 
Old 03-26-2021, 03:14 PM   #3
needinfo
LQ Newbie
 
Registered: Mar 2021
Posts: 4

Rep: Reputation: Disabled
similar question, are there any vulnerabilities that nikto picked up?

Same question here: are there any vulnerabilities?

I need at least a nudge in the direction of what Kali tools to use, and what vulnerabilities to use to access the database of the webserver. Thank you!

Here is what nikto found. Thank you.

Server: Apache/2.2.15 (Unix)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Server banner has changed from 'Apache/2.2.15 (Unix)' to 'Apache/2.4.43 (Unix) OpenSSL/1.1.1g' which may suggest a WAF, load balancer or proxy is in place
+ Retrieved x-powered-by header: PHP/5.2.13
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
+ Uncommon header 'server-error' found, with contents: true
+ OSVDB-3092: /manual/: Web server manual found.
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3268: /manual/images/: Directory indexing found.
+ Server may leak inodes via ETags, header found with file /icons/README, inode: 2763612, size: 5108, mtime: Tue Aug 28 10:48:10 2007
+ OSVDB-3233: /icons/README: Apache default file found.
+ Cookie JSESSIONID created without the httponly flag
+ /flex2gateway/http: Adobe BlazeDS identified.
+ ERROR: Error limit (20) reached for host, giving up. Last error:
+ Scan terminated: 9 error(s) and 14 item(s) reported on remote host

Server: Apache/2.4.43 (Unix) OpenSSL/1.1.1g
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Server banner has changed from 'Apache/2.4.43 (Unix) OpenSSL/1.1.1g' to 'Apache/2.2.15 (Unix)' which may suggest a WAF, load balancer or proxy is in place
+ Retrieved x-powered-by header: PHP/5.2.13
+ ERROR: Error limit (20) reached for host, giving up. Last error:
+ Scan terminated: 9 error(s) and 4 item(s) reported on remote host
 
  

